Your IP :
* Bitrix Framework
* @package bitrix
* @subpackage security
* @copyright 2001-2013 Bitrix
namespace Bitrix\Security;
use Bitrix\Main\Config;
use Bitrix\Main\Context;
use Bitrix\Main\Data;
use Bitrix\Main\EventManager;
use Bitrix\Main\Loader;
use Bitrix\Main\ArgumentNullException;
use Bitrix\Main\ArgumentOutOfRangeException;
use Bitrix\Main\ArgumentTypeException;
* Class HostRestriction
* @since 14.0.6
* @example tests/security/hosts/basic.php
* @package Bitrix\Security
class HostRestriction
const ACTION_REDIRECT = 'redirect';
const ACTION_STOP = 'stop';
private $optionPrefix = 'restriction_hosts_';
private $cacheInitPath = 'security';
private $cacheId = 'restriction_hosts';
private $cacheTtl = 31536000; //one year
private $action = 'stop';
private $actionOptions = array();
private $isLogNeeded = true;
private $hosts = null;
private $validActions = array(
private $validationRegExp = null;
private $isActive = null;
* Handler for system event "OnPageStart", does nothing in CLI mode because it does not make sense
* @return void
public static function onPageStart()
if (\CSecuritySystemInformation::isCliMode())
/** @var HostRestriction $instance */
$instance = new static;
public function __construct()
$this->hosts = Config\Option::get('security', $this->optionPrefix.'hosts', '');
$this->action = Config\Option::get('security', $this->optionPrefix.'action', '');
$this->actionOptions = unserialize(Config\Option::get('security', $this->optionPrefix.'action_options', '{}'), ['allowed_classes' => false]);
$this->isLogNeeded = Config\Option::get('security', $this->optionPrefix.'logging', false);
* The main method that checks the current host, logging and starting action
* @param string $host Requested host for checking.
* @return $this
public function process($host = null)
if (is_null($host))
$host = $this->getTargetHost();
if ($this->isValidHost($host))
return $this;
if ($this->isLogNeeded)
return $this;
* Checking host by host restriction policy
* @param string $host Host for checking.
* @return bool Return true for valid (allowed) host.
* @throws \Bitrix\Main\ArgumentTypeException
public function isValidHost($host)
if (is_string($host) && $host !== '')
$count = 0;
preg_replace($this->getValidationRegExp(), '', $host, 1, $count);
if ($count)
return true;
return false;
* @return array
public function getProperties()
return array(
'hosts' => $this->hosts,
'current_host' => $this->getTargetHost(),
'action' => $this->action,
'action_options' => $this->actionOptions,
'logging' => $this->isLogNeeded,
'active' => is_null($this->isActive)? $this->getActive(): $this->isActive
* Set various properties for host checking, now support:
* - hosts: a string with allowed hosts (wild card supported, e.g.: * {@see setHosts}
* - action: a string with action for unallowed host {@see validActions}
* - action_options: array with some options for action {@see setAction}
* - logging: bool, set true if need logging unallowed host {@see setLogging}
* - active: bool, set true if automatic checking on every request needed
* @param array $properties See above.
* @throws \Bitrix\Main\ArgumentOutOfRangeException
* @throws \Bitrix\Main\ArgumentTypeException
* @throws \Bitrix\Main\ArgumentNullException
* @throws LogicException
* @return $this
public function setProperties(array $properties)
if (isset($properties['hosts']))
if (isset($properties['action']))
if (isset($properties['action_options']))
$this->setAction($properties['action'], $properties['action_options']);
if (isset($properties['logging']))
if (isset($properties['active']))
return $this;
* @return string
public function getAction()
return $this->action;
* @return array
public function getActionOptions()
return $this->actionOptions;
* Set action performed while checking
* @param string $action Some action, now supported: redirect and stop.
* @param array $options Some options for action, so far supported only host for redirect in redirect action.
* @return $this
* @throws \Bitrix\Security\LogicException
* @throws \Bitrix\Main\ArgumentTypeException
* @throws \Bitrix\Main\ArgumentNullException
* @throws \Bitrix\Main\ArgumentOutOfRangeException
public function setAction($action, array $options = array())
if (!$action)
throw new ArgumentNullException('action');
if (!is_string($action))
throw new ArgumentTypeException('action', 'string');
if (!in_array($action, $this->validActions))
throw new ArgumentOutOfRangeException('action', $this->validActions);
if ($action === self::ACTION_REDIRECT)
if (!isset($options['host']) || !$options['host'])
throw new LogicException('options[host] not present', 'SECURITY_HOSTS_EMPTY_HOST_ACTION');
if (!preg_match('#^https?://#', $options['host']))
throw new LogicException('invalid redirecting host present in options[host]', 'SECURITY_HOSTS_INVALID_HOST_ACTION');
$this->action = $action;
$this->actionOptions = $options;
return $this;
* @return bool
public function getLogging()
return $this->isLogNeeded;
* Activate or deactivate logging on unallowed host requested
* @param bool $isLogNeeded Set true if need logging unallowed host.
* @return $this
* @throws \Bitrix\Main\ArgumentTypeException
public function setLogging($isLogNeeded = true)
if (!is_bool($isLogNeeded))
throw new ArgumentTypeException('isLogNeeded', 'bool');
$this->isLogNeeded = $isLogNeeded;
return $this;
* @return bool
public function getActive()
if (is_null($this->isActive))
$this->isActive = $this->isBound();
return $this->isActive;
* Activate or deactivate automatic checking
* @param bool $isActive Set true for enable checking on every request.
* @throws \Bitrix\Main\ArgumentTypeException
* @return $this
public function setActive($isActive = false)
if (!is_bool($isActive))
throw new ArgumentTypeException('isActive', 'bool');
$this->isActive = $isActive;
return $this;
* @return string
public function getHosts()
return $this->hosts;
* Set allowed hosts
* @param string $hosts Allowed hosts (wild card supported, e.g.: *
* @param bool $ignoreChecking Set false for disable host validating before set.
* @throws \Bitrix\Main\ArgumentTypeException
* @throws LogicException
* @return $this
public function setHosts($hosts, $ignoreChecking = false)
if (!is_string($hosts))
throw new ArgumentTypeException('host', 'string');
if (!$ignoreChecking)
$this->hosts = $hosts;
return $this;
* Return regular expressions (based on hosts) for checking.
* Note: regular expression is cached for performance improvement and auto cleared after saving {@see save}
* @return string
public function getValidationRegExp()
if ($this->validationRegExp === null)
$cache = Data\Cache::createInstance();
if($cache->initCache($this->cacheTtl, $this->cacheId, $this->cacheInitPath) )
$this->validationRegExp = $cache->getVars();
$this->validationRegExp = $this->genValidationRegExp($this->hosts);
return $this->validationRegExp;
* Save all properties, enable automatic checking and clear cache if needed
* @return $this
public function save()
Config\Option::set('security', $this->optionPrefix.'hosts', $this->hosts, '');
Config\Option::set('security', $this->optionPrefix.'action', $this->action, '');
Config\Option::set('security', $this->optionPrefix.'action_options', serialize($this->actionOptions), '');
Config\Option::set('security', $this->optionPrefix.'logging', $this->isLogNeeded, '');
if (!is_null($this->isActive))
if ($this->isActive)
->registerEventHandler('main', 'OnPageStart', 'security', get_class($this), 'onPageStart');
->unRegisterEventHandler('main', 'OnPageStart', 'security', get_class($this), 'onPageStart');
Data\Cache::createInstance()->clean($this->cacheId, $this->cacheInitPath);
return $this;
* Return true if HostRestriction already handled on system event "OnPageStart"
* @return bool
protected function isBound()
$handlers = EventManager::getInstance()->findEventHandlers('main', 'OnPageStart', array('security'));
foreach($handlers as $handler)
if ($handler['TO_CLASS'] === get_class($this))
return true;
return false;
* Return requested host for checking
* @return string
protected function getTargetHost()
static $host = null;
if (is_null($host))
$host = Context::getCurrent()->getServer()->getHttpHost();
return $host;
* Logging current host by event manager
* @param string $host Requested host.
* @return bool
protected function log($host)
return \CSecurityEvent::getInstance()->doLog('SECURITY', 'SECURITY_HOST_RESTRICTION', 'HTTP_HOST', $host);
* Perform some actions when requested host is not allowed by host restriction policy
* @return $this
protected function doActions()
case self::ACTION_STOP:
/** @noinspection PhpIncludeInspection */
include Loader::getLocal('/admin/security_403.php');
localRedirect($this->actionOptions['host'], true);
trigger_error('Unknown action', E_USER_WARNING);
return $this;
* Generates regular expression obtained from hosts
* @param string $hosts Allowed hosts (wild card supported, e.g.: *
* @return string
protected function genValidationRegExp($hosts)
$hosts = preg_replace('/#.*/', '', $hosts);
$hosts = trim($hosts, " \t\n\r");
$hosts = preg_quote($hosts);
$hosts = preg_replace('~\\\\\*~', '.*', $hosts);
$hosts = preg_split('~\s+~s', $hosts);
foreach ($hosts as $i => $host)
$hosts[$i] = "#^\s*($host)(:\d+)?\s*$#iD";
return $hosts;
* Checks the host to detect logical errors (eg blocking the current host)
* @param string $hosts Allowed hosts (wild card supported, e.g.: *
* @return $this
* @throws \Bitrix\Security\LogicException
protected function checkNewHosts($hosts)
$this->validationRegExp = $this->genValidationRegExp($hosts);
$count = 0;
preg_replace($this->validationRegExp, '', $this->getTargetHost(), 1, $count);
if (!$count)
throw new LogicException('Current host blocked', 'SECURITY_HOSTS_SELF_BLOCK');
$count = 0;
preg_replace($this->validationRegExp, '', '', 1, $count);
if ($count)
throw new LogicException('Any host passed restrictions', 'SECURITY_HOSTS_ANY_HOST');
return $this;